Book description
Become a security automation expert and build solutions that save time while making your organization more secure
Key Features
- What’s inside
- An exploration of the SOAR platform’s full features to streamline your security operations
- Lots of automation techniques to improve your investigative ability
- Actionable advice on how to leverage the capabilities of SOAR technologies such as incident management and automation to improve security posture
Book Description
What your journey will look like
With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust.
You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help.
Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations.
You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR.
The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios.
By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.
What you will learn
- Reap the general benefits of using the SOAR platform
- Transform manual investigations into automated scenarios
- Learn how to manage known false positives and low-severity incidents for faster resolution
- Explore tips and tricks using various Microsoft Sentinel playbook actions
- Get an overview of tools such as Palo Alto XSOAR, Microsoft Sentinel, and Splunk SOAR
Who this book is for
You'll get the most out of this book if You're a junior SOC engineer, junior SOC analyst, a DevSecOps professional, or anyone working in the security ecosystem who wants to upskill toward automating security tasks You often feel overwhelmed with security events and incidents You have general knowledge of SIEM and SOAR, which is a prerequisite You’re a beginner, in which case this book will give you a head start You’ve been working in the field for a while, in which case you’ll add new tools to your arsenal
Table of contents
- Security Orchestration, Automation, and Response for Security Analysts
- Foreword
- Contributors
- About the author
- About the reviewers
- Preface
- Part 1: Intro to SOAR and Its Elements
- Chapter 1: The Current State of Cybersecurity and the Role of SOAR
- Chapter 2: A Deep Dive into Incident Management and Investigation
- Chapter 3: A Deep Dive into Automation and Reporting
- Part 2: SOAR Tools and Automation Hands-On Examples
- Chapter 4: Quick Dig into SOAR Tools
- Chapter 5: Introducing Microsoft Sentinel Automation
- Chapter 6: Enriching Incidents Using Automation
- Chapter 7: Managing Incidents with Automation
- Chapter 8: Responding to Incidents Using Automation
- Chapter 9: Mastering Microsoft Sentinel Automation: Tips and Tricks
- Index
- Other Books You May Enjoy
Product information
- Title: Security Orchestration, Automation, and Response for Security Analysts
- Author(s):
- Release date: July 2023
- Publisher(s): Packt Publishing
- ISBN: 9781803242910
You might also like
book
Windows Security Monitoring
Go deep into Windows security tools to implement more robust protocols and processes Windows Security Monitoring …
book
Adversarial Tradecraft in Cybersecurity
Master cutting-edge techniques and countermeasures to protect your organization from live hackers. Learn how to harness …
book
Windows Ransomware Detection and Protection
Protect your end users and IT infrastructure against common ransomware attack vectors and efficiently monitor future …
book
AWS Security
Running your systems in the cloud doesn’t automatically make them secure. Learn the tools and new …